aa-status: add support for kill and unconfined profile modes

AppArmor 3 exposes kernel support for the kill and unconfined profile modes. Make sure aa-status has basic support for these modes. Signed-off-by: John Johansen <john.johansen@canonical.com> Acked-by: Steve Beattie <steve.beattie@canonical.com>
2025-08-31 06:16:03 +00:00 · 2020-04-26 04:32:43 -07:00
parent e3185cadf3
commit de8f1ba17d
2 changed files with 22 additions and 3 deletions
--- a/binutils/aa_status.c
+++ b/binutils/aa_status.c
@@ -407,6 +407,14 @@ static int cmd_complaining(const char *command) {
        return simple_filtered_count("complain");
 }

+static int cmd_kill(const char *command) {
+        return simple_filtered_count("kill");
+}
+
+static int cmd_unconfined(const char *command) {
+        return simple_filtered_count("unconfined");
+}
+
 static int cmd_process_mixed(const char *command) {
        return simple_filtered_process_count("mixed");
 }
@@ -426,8 +434,8 @@ static int detailed_output(int json) {
        size_t nprofiles = 0, nprocesses = 0;
        struct profile *profiles = NULL;
        struct process *processes = NULL;
-        const char *profile_statuses[] = {"enforce", "complain"};
-        const char *process_statuses[] = {"enforce", "complain", "unconfined", "mixed"};
+        const char *profile_statuses[] = {"enforce", "complain", "kill", "unconfined"};
+        const char *process_statuses[] = {"enforce", "complain", "unconfined", "mixed", "kill"};
        int ret, i;

        ret = get_profiles(&profiles, &nprofiles);
@@ -551,6 +559,8 @@ static int print_usage(const char *command)
         "  --profiled      prints the number of loaded policies\n"
         "  --enforced      prints the number of loaded enforcing policies\n"
         "  --complaining   prints the number of loaded non-enforcing policies\n"
+         "  --kill          prints the number of loaded enforcing policies that kill tasks on policy violations\n"
+         "  --special-unconfined   prints the number of loaded non-enforcing policies in the special unconfined mode\n"
         "  --process-mixed prints the number processes with mixed profile modes\n"
         "  --json          displays multiple data points in machine-readable JSON format\n"
         "  --pretty-json   same data as --json, formatted for human consumption as well\n"
@@ -570,6 +580,8 @@ static struct command commands[] = {
        {"--profiled", cmd_profiled},
        {"--enforced", cmd_enforced},
        {"--complaining", cmd_complaining},
+        {"--kill", cmd_kill},
+        {"--special-unconfined", cmd_unconfined},
        {"--process-mixed", cmd_process_mixed},
        {"--json", cmd_json},
        {"--pretty-json", cmd_pretty_json},